Hedge-Fund Hack Part of Bigger Siege: Cyber-Experts


June 23 (Bloomberg) -- The attack on a U.S. hedge fund’s
network, which a cybersecurity contractor said last week
disrupted the firm’s high-speed trading and stole its data, is
but one among many.

That is the assessment of more than a half-dozen computer
security experts, who in recent interviews characterized the
hedge-fund industry as the target of multiple attacks, many
successful. Over the past two years, computer networks at dozens
of banks, hedge funds, law firms and other Wall Street companies
have been infiltrated by hackers mainly from Eastern European
countries, these people said.

The hackers’ methods range from crude to sophisticated:
Would-be attackers sought to gain entrance to networks through
websites often visited by fund workers -- so-called watering-hole
attacks -- or tried “spearphishing” by sending e-mails
with malicious links that would open virtual doors to the
outsiders, according to these people.

The alleged incursions on the financial sector come amid
the more publicly documented attacks against other high-profile
networks, from government agencies to companies including
Westinghouse Electric Co. and U.S. Steel Corp.

The security firms didn’t identify any funds that may have
been targeted. Several multibillion-dollar hedge funds in New
York and Connecticut contacted by Bloomberg News declined to
comment. Because such funds are closely held, they aren’t under
the same obligation as publicly traded companies to report
security breaches.

Cybersecurity Resources

“Firms are intently focused on identifying emerging
threats and employing the newest, best mitigation techniques,”
Richard Baker, president and chief executive officer of The
Managed Funds Association, which represents hedge funds and
other investors, wrote in an e-mail. He said several members had
made “sizable resource commitments” toward network safety.

The alleged attempts have the potential to disrupt the U.S.
and international financial systems, said representatives of
several of the cybersecurity companies. Banks provide electronic
services to the $2.7 trillion hedge-fund industry that include
brokering trades, lending cash and maintaining custody of
assets.

One danger, these people say, is that hackers could enter
intercompany networks through a vulnerable firm in order to
reach other companies -- as with the recent hack of Target
Corp., in which intruders used their access to an air-conditioner
vendor to attack the retailer’s internal network.

‘Broad Attack’

“This is a broad attack against the financial services
sector,” said Shawn Henry, a former executive assistant
director at the Federal Bureau of Investigation, who is now a
senior executive with computer security company CrowdStrike Inc.
Millions of dollars have been stolen from multiple hedge funds
over the last five years, he said in a phone interview.

The FBI and Secret Service declined to comment.

In one recent example, hackers stole passwords from the
chief financial officer and treasurer of a U.S. hedge fund, said
Eldon Sprickerhoff, founder and chief security strategist for
the Canadian network-security company eSentire Inc. The hackers
then drained about $1.5 million in under two minutes using three
wire transfers -- each just under $500,000, the amount that
would have set off an alarm at the fund -- said Sprickerhoff. He
said his firm identified the intrusion earlier this year.

Sprickerhoff declined to name the firm and the allegations
couldn’t be corroborated.

Sprickerhoff also said many hedge funds are linked to the
prime brokers conducting trades for them either by secure
Internet connections or by a direct line that doesn’t go over
the Web. Such connections, he said, have a low vulnerability to
attack, leaving hackers to seek entrance to networks by tricking
employees into opening so-called phishing e-mails.

Customer Pressure

The cybersecurity companies that described such attacks
have a stake in selling services to hedge funds and banks. Keith
Alexander, the former head of the National Security Agency, is
entering the field by opening up his own cybersecurity
consultancy focused on the financial sector.

Under pressure from regulators, lawmakers and their
customers, financial firms are pouring hundreds of millions of
dollars into barriers against digital assaults. JPMorgan Chase &
Co. will spend $250 million on cybersecurity this year, Chief
Executive Officer Jamie Dimon said in an April letter to
shareholders.

In all, the global market for network-intrusion detection
and prevention equipment and services is estimated at $95.6
billion in 2014 and expected to reach $155.7 billion by 2019,
according to the Dallas research company MarketsandMarkets.

Financial Attacks

A large portion of the attacks described by the
cybersecurity experts originated in and around Russia,
Ukraine, Estonia and Bulgaria, they said, based on their
analysis of the attacks and the coding of the malware used.

Eastern European hackers have targeted more than a dozen
hedge funds for at least two years, said Tom Kellerman, chief
cybersecurity officer for Trend Micro Inc. in the U.S.

Hackers infiltrate financial companies for many reasons,
such as mapping out networks, stealing cash and pilfering
information that can be used to profit off stock market trading,
according to the security experts.

In the attack publicized last week by BAE Systems Plc,
hackers disrupted high-speed trading at a large hedge fund and
rerouted data in a way that would have given hackers the
potential to use the information to profit in rogue stock-market
transactions.

The hackers inserted software that delayed by several
hundred microseconds the ability to trade, said Paul Henninger,
global product director for BAE Systems Applied Intelligence, a
unit of BAE Systems. Henninger declined to identify the hedge
fund or its location. The target was the fund’s order-entry
system, he said.

‘A Few Microseconds’

“The difference in a few microseconds can mean a
significant difference in the profitability of that trade,”
Henninger said.

The attack was going on for eight weeks and BAE was called
in by the fund at the end of 2013, said Henninger. He said it
had “all the signatures of an organized crime attack.”

“This is the first time we’ve seen criminals actively go
after a business system and effectively take over that system
and create sabotage,” Henninger said in a phone interview.
“The assumption is that this was a for-profit attack.”

Such attacks threaten to undermine the systems used
globally for high-speed trading, Kellerman said in a phone
interview.

In what may be a bigger concern, according to Henry,
hackers have gained enough access to disrupt networks that
underpin the global financial system. They could sever
connections to bring down networks -- though they haven’t.

Firms that use quantitative models and algorithms to trade
“are much more secure and better prepared for potential attacks
than the average fund because they have invested more time and
money in infrastructure and next-generation technologies,” said
Ardiet. “I don’t think they are more prone to attack than other
large financial firms.”

U.S. Representative Mike Rogers, a Michigan Republican and
chairman of the House intelligence committee, has raised a
broader fear that hackers, including those sponsored by China,
could steal inside information that could be used to manipulate
trading.

State-Backed Hacking

“We have seen nation states on our trading networks and we
haven’t fully answered the question what were they going to
do,” Rogers said in an interview.

Hackers would have an unfair edge by being able “to
understand the value of trades and the value of mergers and
acquisitions before they would happen,” Rogers said.

Beijing has dismissed such allegations and has accused the
U.S. of conducting cyber-espionage.

Exchange operators have faced their own computer
intrusions. CME Group Inc. in November revealed that its
ClearPort clearing system had been breached and some customer
information was compromised. In 2011, Nasdaq OMX Group Inc. said
it found suspicious files on a website it runs that lets
corporate board members communicate with each other.

Cybersecurity has been flagged as one of the biggest
threats to markets and governments by industry groups and
regulators. A World Federation of Exchanges study in July found
that computers at about 53 percent of exchanges around the world
were attacked during the previous year.

In April, the Securities and Exchange Commission published
a risk alert and started soliciting information from some of the
biggest broker-dealers on their efforts to protect their
technology from hackers.